Masanori KUSUNOKI, S.N. 09/805,284
Dkt. 2562/64498

Listing of Claims

The following listing of claims will replace all prior versions, and listings, of claims in the subject application:

1. (currently amended) An access authentication system for 
providing a client with a service of connection to a second 
terminal server via a first terminal server, characterized by 
comprising:

a first authentication server for determining whether or not 
the client should be connected to the first terminal server, on 
the basis of personal information input by the client to the 
first terminal server, the first authentication server creating 
first ticket data by encoding a client parameter, which includes 
part of the personal information, on the basis of a summarization 
using a one-way function, and transferring the first ticket data 
to the second terminal server as well as the client parameter; 
and 

a second authentication server for detecting whether or not 
the client parameter is valid and whether or not the first ticket 
data has been used, creating second ticket data by encoding the 
client parameter on the basis of a summarization using a one-way 
function, comparing the first and second ticket data, and 
supplying the second terminal server with data indicative of 
whether or not the second terminal server should be connected to 
the client; 

wherein the client parameter includes at least one of ID 
information of the client, an access-originator IP address, and
an expiration date set for the first ticket data; and 

the first and second authentication servers include a
common character string which is predetermined when creating the
first and second ticket data and which is changed at a
predetermined point in time, and

wherein the client connects to the second terminal server via 
the first terminal server.

Claims 2-5 (canceled).

6. (currently amended) An access authentication system for 
providing a client with a service of connection to a second 
terminal server via a first terminal server, characterized by 
comprising:

a first authentication server for determining whether or not 
the client should be connected to the first terminal server, on 
the basis of ID information and a password input by the client to 
the first terminal server, the first authentication server 
creating first ticket data by encoding client parameters, which 
include the ID information, an access-originator IP address of 
the client, a predetermined expiration date and a common 
character string, on the basis of a summarization using a one-way 
function, and transferring the first ticket data to the second 
terminal server as well as the client parameter; and 

a second authentication server for comparing an access- 
originator IP address input by the client to the second terminal 
server with the access-originator IP address of the client
included in the client parameter, thereby determining whether or 
not access by the client has been executed on or before the 
expiration date, determining whether or not the first ticket data 
has been used, creating second ticket data by encoding the client 
parameters on the basis of a summarization using a one-way 
function, comparing the first and second ticket data, and 
supplying the second terminal server with data indicative of 
whether or not the second terminal server should be connected to 
the client;

wherein the first and second authentication servers include 
a common character string which is predetermined when creating 
the first and second ticket data, and which is changed at a 
predetermined point in time, and

wherein the client connects to the second terminal server via 
the first terminal server.

7. (currently amended) An access authentication system for 
providing a client with a service of connection to a second 
terminal server via a first terminal server, characterized by 
comprising:

first personal information acquiring means for acquiring 
first personal information input by the client to the first 
terminal server;

first authentication means for determining whether or not 
the client should be connected to the first terminal server, on 
the basis of the first personal information; 

first ticket data creating means for creating first ticket 
data by encoding a first client parameter, which includes part of 
the first personal information, on the basis of a summarization 
using a one-way function; 

transfer means for transferring the first ticket data to the 
second terminal server; 

second personal information acquiring means for acquiring 
personal information input by the client to the second terminal 
server; and 

second authentication means for creating second ticket data 
by encoding the second client parameter, which contains the part 
of the second personal information, on the basis of a 
summarization using a one-way function, comparing the first and 
second ticket data, and supplying the second terminal server with 
data indicative of whether or not the second terminal server 
should be connected to the client; 

wherein the first ticket data creating means and the second 
authentication means include a common character string which is 
predetermined when creating the first and second ticket data, and 
which is changed at a predetermined point in time, and

wherein the client connects to the second terminal server via 
the first terminal server.

Claims 8 and 9 (canceled).

10. (original) The access authentication system according 
to claim 7, characterized in that the second authentication means 
judges validity of the first ticket data. 

11. (original) The access authentication system according 
to claim 7, characterized in that the second authentication means 
judges legality of the client parameter. 

Claims 12 and 13 (canceled).

14. (currently amended) A computer-readable storage medium
that stores a program for operating a computer, the program being 
characterized by comprising: 

first personal information acquiring means for acquiring 
first personal information from a client in a first terminal 
server; 

first authentication means for determining whether or not 
the client should be connected to the first terminal server, on 
the basis of the first personal information; 

first ticket data creating means for creating first ticket 
data by encoding a client parameter, which includes at least part 
of the first personal information, on the basis of a 
summarization using a one-way function, if the first 
authentication means determines that the client should be 
connected to the first terminal server; 

transfer means for transferring the first ticket data to a 
second terminal server;

first ticket data acquiring means for acquiring the first
ticket data in the second terminal server; 

second personal information acquiring means for acquiring 
second personal information from the client in the second 
terminal server; 

second ticket creating means for creating second ticket data 
by encoding a client parameter, which includes part of second 
personal information, on the basis of the summarization using a 
one-way function; and 

second authentication means for comparing the first and 
second ticket data, thereby determining whether or not the client 
should be connected to the second terminal server; 

wherein the first ticket data creating means and the second 
authentication means include a common character string which is 
predetermined when creating the first and second ticket data and 
which is changed at a predetermined point in time, and

wherein the client connects to the second terminal server via 
the first terminal server.

Claims 15 and 16 (canceled).

17. (currently amended) A program for operating a
computer, comprising:

first personal information acquiring means for acquiring 
first personal information from a client in a first terminal 
server; 

first authentication means for determining whether or not 
the client should be connected to the first terminal server, on 
the basis of the first personal information; 

first ticket data creating means for creating first ticket 
data by encoding a client parameter, which includes at least part 
of the first personal information, on the basis of a 
summarization using a one-way function, if the first 
authentication means determines that the client should be
connected to the first terminal server; 

transfer means for transferring the first ticket data to a 
second terminal server;

first ticket data acquiring means for acquiring the first 
ticket data in the second terminal server;

second personal information acquiring means for acquiring 
second personal information from the client in the second 
terminal server;

second ticket creating means for creating second ticket data 
by encoding a client parameter, which includes part of second 
personal information, on the basis of the summarization using a 
one-way function; and

second authentication means for comparing the first and 
second ticket data, thereby determining whether or not the client 
should be connected to the second terminal server;

wherein the first and second ticket data creating means 
include a common character string which is predetermined when 
creating the first and second ticket data and which is changed at 
a predetermined point in time, and

wherein the client connects to the second terminal server via 
the first terminal server.

Claims 18 and 19 (canceled).

20. (currently amended) An access authentication method 
for providing a client with a service of connection to a second 
terminal server via a first terminal server, characterized by 
comprising:

a first authentication step of determining whether or not 
the client should be connected to the first terminal server; 

a first ticket data creating step of creating first ticket 
data by encoding a client parameter, which includes at least part 
of personal information input by the client, on the basis of a
summarization using a one-way function; 

a data transfer step of transferring the client parameter 
and the first ticket data to the second terminal server; 

a detection step of detecting whether or not the client 
parameter in the first terminal server is valid, and whether or 
not the first ticket data has been used; 

a second ticket data creating step of creating a second 
ticket data by encoding the client parameter on the basis of a 
summarization using a one-way function; 

a ticket data comparison step of comparing the second ticket 
data with the first ticket data; and 

a second authentication step of determining whether or not 
the client should be connected to the second terminal server, on 
the basis of results obtained at the determination step and the 
comparison step; 

wherein the first and second ticket data creating steps 
include a common character string which is predetermined when 
creating the first and second ticket data and which is changed at 
a predetermined point in time, and

wherein the client connects to the second terminal server via 
the first terminal server.

21. (new) The system of claim 1, wherein the client is 
contracted with the first terminal server for receiving services 
from the first terminal server, and the client is not contracted 
with the second terminal server for receiving services from the 
second terminal server. 

22. (new) The system of claim 1, wherein the first 
authorization server transfers the first ticket data and the 
client parameter directly to the second authorization server 
without going through the client. 
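
The ticket flow recited in claim 6, as an added sketch that is not part of the application: the first server issues ticket data over the ID, access-originator IP address, expiration date and common character string, and the second server checks IP, expiry and prior use before recomputing and comparing. The claims say only "a one-way function"; HMAC-SHA256 keyed with the common string, the length-prefixed encoding, and all names and sample values are assumptions.

```python
import hashlib
import hmac

def make_ticket(common_string: bytes, client_id: str, ip: str, expires: int) -> str:
    """One-way summarization of the client parameters (assumed: HMAC-SHA256)."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (client_id.encode(), ip.encode(), str(expires).encode())
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(common_string, msg, hashlib.sha256).hexdigest()

class SecondAuthServer:
    """Hypothetical second authentication server holding the common string."""

    def __init__(self, common_string: bytes):
        self.common_string = common_string
        self.used = set()  # first ticket data that has already been accepted

    def rotate(self, new_common_string: bytes) -> None:
        """Change the common string at the predetermined point in time."""
        self.common_string = new_common_string

    def verify(self, first_ticket, client_id, param_ip, expires, source_ip, now):
        if source_ip != param_ip:          # IP seen here vs. IP in the parameters
            return "ip-mismatch"
        if now > expires:                  # access must be on or before expiry
            return "expired"
        if first_ticket in self.used:      # replay of an accepted ticket
            return "already-used"
        second_ticket = make_ticket(self.common_string, client_id, param_ip, expires)
        # Constant-time comparison of first and second ticket data.
        if not hmac.compare_digest(first_ticket.encode(), second_ticket.encode()):
            return "ticket-mismatch"
        self.used.add(first_ticket)
        return "connect"

# Constructed sample values (documentation IP range, arbitrary timestamps).
COMMON = b"constructed-common-string-1"
EXPIRES = 1_700_000_600
ticket = make_ticket(COMMON, "alice", "192.0.2.10", EXPIRES)
```

Because the expiration date is inside the summarized parameters, a client that alters it to extend the ticket produces a mismatch; after the common string is changed, tickets issued under the old string also stop verifying.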



